These days businesses are subject to increasing regulatory scrutiny, particularly regarding cybersecurity and operational resilience. Two significant EU regulations, NIS2 (Network and Information...
https://www.sorinmustaca.com/understanding-nis2-and-dora-what-executives-need-to-know/
In the previous article, we explored how Scrum enables teams to add security to the backlog and prioritize it based on risk. Incorporating security into the SDLC ensures that security is not an a...
https://www.sorinmustaca.com/how-to-create-security-user-stories/
I don’t usually write anymore about phishing attempts, but this one drew my attention due to the large amount of emails and to the variety of websites being used. Of course, I would not write “massiv...
https://www.sorinmustaca.com/bitcoin-fraud-through-hacked-wordpress-installations/
Agile Software Development: Why It’s Better. Traditional development methodologies, such as the Waterfall model, struggle to keep up with the need for quick iterations, frequent releases, and...
https://www.sorinmustaca.com/delivering-secure-software-in-an-agile-way/
The recent outage caused by Crowdstrike’s faulty update has created a lot of discussions. I wrote a post on LinkedIn where I asked the readers why IT professionals are using Crowdstrike on some ...
https://www.sorinmustaca.com/understanding-defense-in-depth-in-it-security/
Introduction ISO 27001:2022 and TISAX VDA ISA 6.0 are two prominent standards in the realm of information security management, particularly within the automotive industry. While ISO 27001 provide...
https://www.sorinmustaca.com/iso-270012022-and-tisax-overlaps-and-differences/
Introduction SOC 2 (Service Organization Control 2) certification is a framework designed by the American Institute of CPAs (AICPA) to help organizations manage customer data based on five Trust ...
https://www.sorinmustaca.com/understanding-the-soc-2-certification/
What is Secure by Design? Secure by Design products are those where the security of the customers is a core business requirement, not just a technical feature. Secure by Design principles shou...
https://www.sorinmustaca.com/introduction-to-cisas-secure-by-design-initiative/
We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. Today we end the series with ISO 27001:2022 Annex A.18, “Compliance”...
https://www.sorinmustaca.com/implementing-iso-27001-2022-annex-a-18-compliance/
We described here the process needed to perform a gap analysis for NIS2, but we did not add the details on how to approach this. This article references the ISO27001:2022 series, especially on...
https://www.sorinmustaca.com/maping-nis2-requirements-to-the-iso-270012022-framework/
We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. Today we address ISO 27001:2022 Annex A.17, “Information Security Asp...
We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. Today we address ISO 27001:2022 Annex A.16, “Information Security In...
We wrote here about NIS2 and we will continue to add more content about it. Because we are getting closer to October 17th, many people are getting more and more nervous about NIS2. Despite its si...
https://www.sorinmustaca.com/nis-2-10-common-misconceptions-about-the-regulation/
We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. Today we address ISO 27001:2022 Annex A.15, “Supplier Relationships...
https://www.sorinmustaca.com/implementing-iso-270012022-annex-a-15-supplier-relationships/
What is it? Malvertising: Malware delivered through Advertising. These corrupted ads are designed to appear legitimate but they may serve malicious code, which can infect a user’s device ...
https://www.sorinmustaca.com/google-ads-for-bitbucket-org-malvertising-at-its-best/
We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. Today we address ISO 27001:2022 Annex A.14, “System Acquisition, Deve...
We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. Today we address ISO 27001:2022 Annex A.13, “Communications Security...
https://www.sorinmustaca.com/understanding-iso-27001-2022-annex-a-13-communications-security/
We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. Today we address ISO 27001:2022 Annex A.12, “Operations Security”,...
https://www.sorinmustaca.com/understanding-iso-270012022-annex-a-12-operations-security/
We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. Today we address ISO 27001:2022 Annex A.11, “Physical and Environment...
We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. Today we address ISO 27001:2022 Annex A.10, “Cryptography”, which ...
https://www.sorinmustaca.com/understanding-iso-27001-2022-annex-a-10-cryptography/
We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. Today we address ISO 27001:2022 Annex A.9, “Access Control”. Access...
https://www.sorinmustaca.com/understanding-iso-27001-2022-annex-a-9-access-control/
ISO 27001:2022 Annex A.8, “Asset Management,” addresses the importance of identifying, classifying, and managing information assets within an organization. This annex emphasizes the need f...
https://www.sorinmustaca.com/understanding-iso-27001-2022-annex-a-8-asset-management/
We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. Today we address ISO 27001:2022 Annex A.7, “Human Resource Security...
https://www.sorinmustaca.com/understanding-iso-27001-2022-annex-a-7-human-resource-security/
We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. We start today with ISO 27001:2022 Annex A.6, “Organization of Inform...
https://www.sorinmustaca.com/understanding-iso-27001-2022-annex-a-6/
We started the ISO 27001:2022 series with the promise of explaining how the 14 categories of controls can be implemented. We start today with A.5. Information Security Policies. Importance ...
We wrote in the previous article ISO 27001:2022: chapter by chapter description about ISO 27001:2022 Annex A. Annex A of ISO 27001:2022 is a vital component of the standard, outlining a comprehe...
https://www.sorinmustaca.com/annex-a-of-iso-27001-2022-explained/
I’ve been asked many times by customers, especially those in the automotive industry, who deal with the TISAX certification, which is based on ISO 27001, if I can make them a summary of the ISO 2...
https://www.sorinmustaca.com/iso-270012022-chapter-by-chapter-description/
The ISO 27000 family of protocols represents a series of standards developed by the International Organization for Standardization (ISO) to address various aspects of information security manageme...
https://www.sorinmustaca.com/the-iso-27000-family-of-protocols-and-their-role-in-cybersecurity/
We wrote here in the article “Building Resilient Web Applications on AWS: A Comprehensive Approach to Security” how to use certain AWS services to implement a resilient web based application...
I have been asked by friends and customers what is the best way to implement a web based application with minimum costs and good security. Of course, the best way is to define exactly what you...
This post is more for me to find the details quicker. Source: ISA Version 6 Now Available · ENX Portal. Here is a summary of ISA 6: The latest version of the ISA catalogue, published in October 202...
https://www.sorinmustaca.com/tisax-new-catalogue-isa-v6-available/
This post is for creators of digital services like optimization tools, VPN solutions, Backup and Disaster Recovery tools, Parental control tools, Identity protection tools, Privacy tools, Email...
https://www.sorinmustaca.com/evolving-beyond-your-core-expertise-its-time-to-add-security/
The integration of Artificial Intelligence (AI) in endpoint security has revolutionized the way organizations protect their devices and data. Ok, let’s take a break here: have you read the arti...
I will write in the future a lot about AI and ML with focus on cybersecurity. I will mix AI and ML and other terms quite a lot, so I think it is necessary to have a base from where to start. Fo...
https://www.sorinmustaca.com/artificial-intelligence-vs-machine-learning/
Being a CSSLP gives me access to various emails from (ISC)2. One of these informed me that there is a recording of a webinar about AI and Cybersecurity held by Steve Piper from CyberEdge. Very ...
https://www.sorinmustaca.com/thoughts-on-ai-and-cybersecurity/
These two fundamental concepts play a pivotal role in ensuring the integrity and security of digital systems. While these terms are often used interchangeably, they represent distinct and equally...
https://www.sorinmustaca.com/authentication-vs-authorization/
I am often asked what the difference between Policy, Standard and Procedure in cybersecurity is. Well, here it is: 1. Cybersecurity Standard A cybersecurity standard is a set of guidelines, criteria...
Every single day I read news on various portals and on LinkedIn and I encounter a lot of buzz words. Most of the time I just smile recognizing the marketing b**it, and continue to scroll… This ...
https://www.sorinmustaca.com/zero-trust-in-cybersecurity-from-myth-to-the-guide/
This is the fourth article from the series How-To: NIS2 EU Directive . One essential step in safeguarding an organization’s sensitive information is to perform a cybersecurity risk assessment. ...
https://www.sorinmustaca.com/nis2-perform-a-risk-assessment/
We wrote here https://www.sorinmustaca.com/how-to-nis2-eu-directive/ that the 3rd step in implementing the requirements of the directive is to establish a cybersecurity framework. If you haven...
https://www.sorinmustaca.com/nis2-3-establish-a-cybersecurity-framework/
We wrote here https://www.sorinmustaca.com/how-to-nis2-eu-directive/ that the 3rd step in implementing the requirements of the directive is to establish a cybersecurity framework. If you haven...
https://www.sorinmustaca.com/how-to-implement-an-information-security-management-system-isms/
We wrote here https://www.sorinmustaca.com/how-to-nis2-eu-directive/ that the second step in implementing NIS2 requirements is to designate a responsible person or team. Appointing an individual...
https://www.sorinmustaca.com/nis2-2-designate-a-responsible-person-or-team/
We wrote here https://www.sorinmustaca.com/how-to-nis2-eu-directive/ that the first step in implementing NIS2 requirements is to perform a gap analysis. The most critical part when performing ...
The NIS2 Directive is a European Union legislative text on cybersecurity that supersedes the first NIS (Network and Information Security) Directive, adopted in July 2016. NIS vs. NIS2 While the f...
The NIS 2 Directive is a set of cybersecurity guidelines and requirements established by the European Union (EU) . It replaces and repeals the NIS Directive (Directive 2016/1148/EC) . The full ...
https://www.sorinmustaca.com/executive-summary-nis2-directive-for-the-eu-members/
This is a follow-up article related to Secure Booting and Secure Flashing. It is the 5th article related to Strengthening the Security of Embedded Devices. Implementing secure over-the-air (OTA) u...
https://www.sorinmustaca.com/implementing-secure-over-the-air-ota-updates-in-embedded-devices/
This is the third article in the series about embedded devices security, started with Strengthening the Security of Embedded Devices. The second article was Secure Booting for Embedded Devices: Sa...
This is the second article in the series about embedded devices security, started with Strengthening the Security of Embedded Devices. Embedded devices are specialized computing systems designed t...
Embedded devices are specialized computing systems designed to perform specific tasks or functions within a larger system. Unlike general-purpose computers, embedded devices are typically integra...
https://www.sorinmustaca.com/strengthening-the-security-of-embedded-devices/
Q: write an article describing most secure settings of Microsoft Defender A: Microsoft Defender is a comprehensive security solution that protects your Windows devices from various threats, such ...
https://www.sorinmustaca.com/how-to-configure-the-most-secure-settings-for-microsoft-defender/